Todd Petty, Information Security Officer at True Value Company, explained how an organization can make changes to its information security program in his presentation at the 2013 Chief Information Security Officer Leadership Forum in Chicago on Nov. 14. During his presentation, "Champion Changes in Security – A Holistic and Organic Approach," Petty defined what it takes to champion information security changes in an organization, and how even a single change can have far-flung effects on an organization.

Petty noted that an organization should look for assistance in a variety of areas to improve its information security program. By doing so, Petty said that an organization can find myriad solutions to information security issues. In addition, Petty acknowledged that outside assistance can be valuable for an organization that wants to bolster its information security program: "You need to look to the outside. Look to partners for assistance and advice; consultants, people that have been there before, somebody that may know the organization that you’re about to go into. Security risk can be different in various business units."

According to Petty, an organization should conduct plenty of research to champion changes in its information security program. An organization should assess its talent, Lloyd said, and look to the grapevine to find partners who can help implement effective information security program changes: "The grapevine is usually pretty good and informative of telling you about that organization [and] its history with IT security. ... Does it have the right people [and] the right talent or are you going to have to go in there and clean up an entire mess, which none of us wants to do, but sometimes we’re told in the beginning that’s the biggest challenge, that we may have to do that."